Menu
I am looking for a way to add a custom CA to NPM so I can download from a location using said certificate (an internal git-server) without having to nuke all CA-checking with
npm config set strict-ssl false Is there any way of achieving this or not? (if not: is there already a defect?)
431
cafile is used to define the path to a file containing the PEM encoded CA certificates that are trusted. capath directory path At least one of cafile or capath must be provided to enable SSL support. capath is used to define a directory that contains PEM encoded CA certificates that are trusted.
npmrc is the configuration file that npm allows to be used globally or user level or project level to optimize your npm environment.
You can point npm to a cafile
npm config set cafile /path/to/cert.pem You can also configure ca string(s) directly.
npm config set ca "cert string" ca can be an array of cert strings too. In your .npmrc:
ca[]="cert 1 base64 string" ca[]="cert 2 base64 string" The npm config commands above will persist the relevant config items to your ~/.npmrc file:
cafile=/path/to/cert.pem Note: these CA settings will override the default "real world" certificate authority lookups that npm uses. If you try and use any public npm registries via https that aren't signed by your CA certificate, you will get errors.
If you need to support both public https npm registries as well as your own, you could use curl's Mozilla based CA bundle and append your CA cert to the cacert.pem file:
curl https://curl.haxx.se/ca/cacert.pem > ~/.npm.certs.pem cat my-ca-cert.pem >> ~/.npm.certs.pem npm config set cafile ~/.npm.certs.pem Unfortunately npm's CA bundle is not editable as it's provided in the source code (thanks tomekwi) but nitzel has provided a generic Node.js method to append a certificate via the NODE_EXTRA_CA_CERTS environment variable.
RHEL Note: If you happen to be using a RHEL based distro and the RHEL packaged nodejs/npm you can use the standard update-ca-trust method as RedHat points their packages at the system CA's.
185
If Matts Answer isn't helping you, the following Windows PowerShell way worked for me and the similar approaches for CMD/Unix worked for other users:
$env:NODE_EXTRA_CA_CERTS=path\to\certificate.pem; npm install (pointed out by Marc in the comments)
set NODE_EXTRA_CA_CERTS=C:\\path\\to\\certificate.pem npm install (pointed out by Mike & mread1208 in the comments)
export NODE_EXTRA_CA_CERTS=/path/to/trusted/CA.pem npm install If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
